Renu Jha, Regional Chief Compliance Officer – Asia Pacific for Fresenius Medical Care in Hong Kong
GZ: Thanks for taking the time to be interviewed for CEP Magazine. You have an interesting professional background that includes forensic accounting certifications and experience in internal audit prior to transitioning full-time to compliance several years ago. What sparked your interest in compliance to the extent that you decided to transition from audit into compliance?
RJ: Working in internal audit, fraud detection, and prevention provided me with a strong base from which the transition into compliance was easy. I find compliance more challenging and satisfying, since it focuses on the present and future by developing procedures and tools to embed compliance into operations. Internal audit, on the other hand, focuses on providing assurance to management that the controls have been designed to appropriately manage the risks and are working effectively. Internal audit is focused on the past and present. In that sense, compliance is more of a strategic, proactive, business-partnering function and helps to grow the business in an ethical and compliant manner. I’d like to continue to work in and enhance my knowledge in the governance, risk management, and compliance space.
GZ: Your experience also involves work in India, Singapore, and, now, Hong Kong. How has this exposure to different environments helped you in your role as a compliance professional?
RJ: Being part of international teams in reputed multinational companies while I was based in a complex, high corruption-risk country like India—and having set up internal audit and compliance functions and built teams from scratch—has provided me insight into the cultural differences and risks involved in doing business in various Asian markets. Working as a compliance professional in Singapore and Hong Kong, handling around 22 countries across Asia-Pacific, and having this understanding of cultural nuances and regulatory challenges have helped me to develop a flexible and practical approach to compliance, and taught me not to force-fit countries into a standard compliance program with a one-size-fits-all approach.
Asia-Pacific has markets as diverse as Australia, Japan, China, India, and Myanmar, where the regulatory environments and healthcare landscapes are quite varied, and typically the scale of operations of any multinational corporation in these countries is also very different. I’ve been lucky to have the opportunity to live and work in different countries, and that has helped me to develop the cultural sensitivity required for handling a diverse team. “Glocalization,” thinking globally and acting locally, is the mantra I abide by. We strive to do this by localizing our compliance program as required, while keeping it consistent with our global standards to the extent possible.
GZ: As a medical supply company with dozens of facilities throughout the world, compliance is extremely complex. How is this complexity reflected in the structure and assignment of responsibilities in the compliance function of Fresenius?
RJ: Compliance in Fresenius covers activities ranging from manufacturing, marketing, and selling of products; to running dialysis clinics; and to operating a research and development facility, many plants, and a shared service center in Asia. Further, we also have several mergers and acquisition transactions. To handle all of this, we have designated compliance officers in each country and/or unit. Our team has a diverse mix of people coming from compliance, legal, audit, and finance backgrounds.
GZ: You’ve gone through post-merger integration of compliance programs, which can be a very difficult process. Even with the best pre-acquisition due diligence, there are always surprises and challenges. What lessons can you share with our readers about how to best prepare for the integration of compliance programs after a merger or acquisition?
RJ: Agreeing on the post-acquisition compliance integration plan, timelines, and resource requirements with the target company and internal stakeholders, before the acquisition is finalized, is key to successful post-merger integration. Thereafter, having a robust tracking mechanism and escalation process to ensure timely closure of the post-merger integration plan is helpful in making sure the plan is well implemented.
GZ: You also have experience in dealing with multiple laws involving bribery and corruption—in your case, the Foreign Corrupt Practices Act (FCPA), UK Bribery Act, and the Prevention of Corruption Act in India. What are the biggest challenges in dealing with compliance requirements that differently address the same or similar issues, which can also apply simultaneously to certain parts of a company’s operations?
RJ: Apart from international and local laws, as a medical device company, we are also required to abide by country/region-specific industry codes of conduct (for example, the APACMed Code of Ethical Conduct). To comply with all these regulations and guidelines, we work closely with our colleagues in legal as well as industry peers to keep abreast of new guidelines so that we can make modifications to our compliance program, as required from time to time. Our compliance program is designed to not only address the FCPA and the UK Bribery Act, but also it is wider in scope. For example, direct sponsorship of healthcare professionals at third-party events was prohibited by the revised APACMed Code, effective January 1, 2018. We collaborated with our colleagues from APACMed and modified our compliance program well in advance to be compliant with the revised code by the time it came into effect.
GZ: What do you think is the key to having a strong compliance program?
RJ: In all my years of working in compliance, what I have learned is that while compliance policies, procedures, tools, trainings, and communication are useful in building a good compliance program, what matters most is having a strong culture of ethics and compliance. When an organization succeeds in building that, then employees learn to do what is right—not just what is legal. Some employees do this by default, but for those that don’t, it’s important to know that the company does not support bad business, even if it helps the company to meet business targets.
Growing the business on a foundation of ethics and compliance helps companies build a sustainable, long-term business. Ethics is good business, and we reiterate this to our employees by using examples of “what went wrong” and what could have been done differently. This helps leaders to establish a strong tone at the top, which cascades to an effective “mood in the middle” and “buzz at the bottom,” until ethics and compliance become a part of the DNA of an organization and how business is conducted.
It’s important that we not only share the consequences of unethical and noncompliant conduct in terms of fines, termination of employees, and so on, but also highlight the positive aspects of operating ethically so that employees understand why doing the right thing makes good business sense. When a company is ethical and compliant, employees feel safe and proud to work in the company; it’s easier to attract and retain talent, top vendors, and customers; and it’s easier to get investment and loans. And all of this ultimately helps business.
A favorite example I like to use is comparing a company with a strong compliance program to a car with effective brakes. Brakes do not stop us from driving; rather, knowing that we have them gives us the confidence to drive as fast as we would like to. Likewise, knowing that the organization has effective compliance and internal controls gives management the assurance that they can grow the business and address risks proactively without having to worry or spend time, resources, and energy on fixing things in an ad hoc, reactionary manner.
GZ: At SCCE’s 2018 Regional Compliance Conference in Singapore, you presented a great session on leveraging compliance practices with business practices. One of the concepts you described involved designating “compliance champions” from each business unit. What are some of the keys to successfully implementing this practice?
RJ: Thanks for your kind words. We can successfully use the concept of compliance champions in countries or units where operations are not large enough to require full-time compliance resources. In these cases, for example, we may designate finance staff or staff from other support functions as compliance champions, and they can then handle all the compliance-related responsibilities. The compliance champions should be trained, mentored, supervised, and guided by senior compliance staff, who can equip them with the requisite compliance knowledge and tools to ensure that the quality of guidance provided by the compliance champions is timely and of high quality.
GZ: Staying on top of compliance-related developments and changing risks can be very difficult. How do you stay current on the many compliance developments that affect your company?
RJ: Interacting with industry peers, reading compliance journals and blogs, keeping note of articles on LinkedIn, and participating in compliance conferences are some ways in which I try to keep my knowledge up to date and assess whether and how we need to adapt our compliance program to meet new requirements.
GZ: Technology is being embraced more than ever as a tool for enhancing compliance, through improved controls, technology-assisted monitoring, etc., while also posing new risks. How have developments in technology changed how you carry out your duties as a compliance officer?
RJ: Using technology has helped us to have better monitoring, reporting, training, and due diligence mechanisms. We try as much as possible to leverage technology to enhance our compliance and control environment:
Tracking tools enable us to have clear, measurable metrics that can be reported to management and apprise them of the compliance implementation status.
We supplement our classroom-based compliance training sessions with online compliance training, which helps us to cover a huge employee base and track completion rates more efficiently.
One of the key areas of risk for the medical device industry is the use of third-party intermediaries. Having an automated approach to perform due diligence and arrive at decisions gives us a risk-based, consistent, and efficient screening process. We have a high number of third parties, and with risk scoring built into the questionnaire in the due diligence tool, we can have faster workable solutions to help us embed the screening process into operations. Based on the data collected and questionnaires answered by the third parties, we can conduct appropriate levels of due diligence. This facilitates an objective process and puts large numbers of third parties through due diligence in a relatively short period of time with a small team.
GZ: In your opinion, what are some of the most important qualities of a compliance officer?
RJ: Apart from qualities like integrity and having the courage to stand up to strong opposition, the ability to listen, empathize, and be persuasive in one’s arguments I think are important attributes a compliance officer must possess in order to be successful. Compliance should not be viewed as a policing function, rather as a business-enabling function. Although a healthy amount of skepticism is necessary, understanding the challenges faced by business and working as a team to find possible solutions is also required. Knowing when to say “no” and being able to explain why helps win the trust and confidence of business colleagues. Having business leaders and compliance speaking in one voice helps to successfully embed compliance into the culture and day-to-day operations. For this, one must have persuasive skills to get buy-in and engagement from the business.
GZ: You are now eight years into the transition from internal audit and risk to full-time compliance roles. What has surprised you the most about working in compliance?
RJ: The most surprising, interesting, and challenging part of working in compliance is that no matter how many years one spends in this field, due to the fast-changing and evolving nature of the regulatory environment, coupled with being based in Asia-Pacific—one of the highest growth markets with several countries with high corruption and compliance risks—there are always new things to learn. It’s a very dynamic field to work in, and I have yet to find it predictable or monotonous. There is never a dull moment.
GZ: Renu, thank you very much for sharing your experiences with our readers.
Disclaimer: Opinions expressed here are solely the interviewee’s own and do not express the views or opinions of her employer.